As EU policymakers debate the proposed rules, it remains to be seen whether these measures will emerge as a powerful shield against fraud. The challenges and benefits associated with the new rules are under careful evaluation as the talks progress.
Evolution or revolution?
The “Payments package” was proposed by the European Commission (Commission) in June 2023. As part of the package, the Commission wants to amend and modernise the current Payments Services Directive (PSD2), which is set to become PSD3 and establish, in addition, the Payments Services Regulation (PSR) – a premiere given its direct application in the EU member states. Specifically concerning payment services, the new PSD3 contains rules on the granting of licenses and the supervision on payments institutions, while the PSR combines new rules for payment service providers and consumers.
To explore the evolving landscape of payments services, Hanover Communications hosted a timely roundtable. The discussion brought together a diverse group, including speakers from the three key institutions of the European Union and industry experts. This blog post will delve into the key takeaways from the roundtable, including the author's insights, to highlight the challenges and opportunities facing the payments industry.
Is prevention the best defence?
Fraud is affecting the most important element in financial services - trust. The Commission’s analysis suggests that while it’s impossible to completely eradicate fraud, it can be significantly curtailed, and its impacts softened, with the right regulatory measures. This assessment has also observed that the enforcement of Strong Customer Authentication (SCA), as a compulsory measure in the PSD2, has positively contributed to diminishing fraud rates for unauthorized transactions. Instead, more sophisticated fraud has moved to authorised payments.
Against this backdrop, the Commission takes a consumer-centric approach and proposes in the PSR to increase the instances when consumers would be refunded. For example, if the bank’s system fails to notice when the name and bank account number (IBAN) of the person getting the payment don't match, the consumer could be refunded. Same applies if a consumer is tricked by a “spoofing” scam, the so-called “impersonation fraud”. In these instances, consumers could be reimbursed, except in cases of “gross negligence” of the consumer.
But the challenge is whether the approach to refund the consumers is proportionate enough to all the parties involved. While the consumers applaud these provisions, there are some other instances of social engineering fraud, where the reimbursement will have to be analysed by payments institutions against the “gross negligence” definition. The PSR acknowledges that moral hazard can cause a reduction in the customer’s vigilance and therefore refund right should be applied carefully. On the other hand, payments institutions are calling for a balanced approach, which would allow a shared responsibility for fraud prevention among all the parties involved, including a broad definition of gross negligence which would encourage consumers to be accountable for their security practices.
Tackling fraud: a top priority
Policymakers in the European Parliament (Parliament) and the Member States consider tackling fraud an absolute priority. As discussions are ongoing, the Parliament wants to establish a liability framework that minimizes fraud while avoiding moral hazard. The Parliament decided to reinforce further the Commission's consumer protection provisions, and extended the liability in cases of impersonation of fraud to other parties along the value chain (e.g. online platforms, telecoms). Particular attention is given to education campaigns to help citizens avoid becoming victims of payment fraud. The Member States, on the other hand, are still shaping their position. Past discussions have focused on defining the situations of “gross negligence” and determining the delineation between authorised and unauthorised transactions by defining “consent” (when the consumer freely and intentionally consented to a transaction).
Anticipating the trilogues: what could be the outcome?
After passing the vote in the Parliament’s responsible committee, the PSR is awaiting the full house’s approval in April 2024 and decision to enter into interinstitutional negotiations (trilogues). Given the EU elections in June 2024, it is unlikely that the procedure will be concluded during the current legislative mandate. There has been clear consensus that the trilogues are only likely to begin under the next legislature.
Given the importance that policymakers place on tackling fraud, a consensus is expected. What is still to be seen is the approach that will be taken by the Council, when looking to reinforce these provisions. Additional hurdles may arise from the change in the European Parliament negotiating team following the EU elections.
While shared responsibility for fraud prevention encourages all parties to be vigilant, too much consumer protection may lead to moral hazard. A possible outcome could be a nuanced approach to refunds, where consumers are protected but also incentivised to maintain high security standards for their transactions, something that could be welcomed by consumers and payments institutions.
Furthermore, extending liability to other parties such as online platforms or telecoms could lead to those costs being passed on to consumers in the form of higher prices or service fees. An outcome could be the establishment of clear guidelines about how costs related to fraud prevention and reimbursement are to be absorbed or shared among the different parties.
Finally, a balanced approach could be possible between fraud reduction and consumer convenience. Additional security measures, such as IBAN/name check, can reduce fraud but may also add friction to the customer experience, potentially leading to reduced customer satisfaction or slower adoption of digital payment services. As an outcome, a balance may be sought where security measures are strong enough to deter fraud but streamlined enough not to overly inconvenience consumers.
While the deliberations within the Parliament have reached the plenary vote, the ongoing discussions in Council offer a strategic moment for stakeholders to make meaningful contributions. Engaging with Member States now is crucial, as it allows for the incorporation of diverse perspectives and expertise, potentially leading to a balanced PSR text for all interested parties.